Processing Rogue Cross Origin Request - Insecure Demo

processCOR.php located at www.andlabs.net is supposed to be accessible only from www.andlabs.org.
However the page is executed irrespective of the site making the Cross Origin Request.
Only the response is not accessible to sites other than www.andlabs.org.

In place of the date function there could be some other code that is very resource intensive to execute which can be abused by rogue JavaScript.